Errata overview
Errata ID: 494
Date: 2018-08-22
Source package: linux
Fixed in version: 4.9.30-2A~4.2.0.201808201429
Description
This update of the Linux kernel to version 4.9.122 addresses the following
issues:
* CVE-2017-17975: use-after-free in the usbtv_probe function in
  drivers/media/usb/usbtv/usbtv-core.c
* CVE-2017-18216: ocfs2: subsystem.su_mutex is required while accessing the
  item->ci_parent
* CVE-2017-18218: Use-after-free vulnerability in
  drivers/net/ethernet/hisilicon/hns/hns_enet.c allows local attacker to
  cause denial of service
* CVE-2017-18222: Memory corruption in ethtool_get_strings function in hns
  driver
* CVE-2017-18224: ocfs2: ip_alloc_sem should be taken in ocfs2_get_block()
* CVE-2017-18255: Integer overflow in
  events/core.c:perf_cpu_time_max_percent_handler() can allow for denial of
  service
* CVE-2017-18257: Infinite loop caused by integer overflow in
  fs/f2fs/data.c:__get_data_block() allows for denial of service
* CVE-2018-1066: Null pointer dereference in
  fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() when empty TargetInfo is returned
  in NTLMSSP setup negotiation response, allowing a crash of the client's kernel
* CVE-2018-1087: KVM: error in exception handling leads to wrong debug stack
  value
* CVE-2018-1092: NULL pointer dereference in
  ext4/mballoc.c:ext4_process_freed_data() when mounting crafted ext4 image
* CVE-2018-1093: Out of bounds read in
  ext4/balloc.c:ext4_valid_block_bitmap() causes crash with crafted ext4
  image
* CVE-2018-1108: drivers: getrandom(2) unblocks too early after system boot
* CVE-2018-1118: vhost: Information disclosure in
  vhost/vhost.c:vhost_new_msg()
* CVE-2018-1120: fuse-backed file mmap-ed onto process cmdline arguments
  causes denial of service
* CVE-2018-1130: a null pointer dereference in
  net/dccp/output.c:dccp_write_xmit() leads to a system crash
* CVE-2018-3620 CVE-2018-3646: cpu: L1 terminal fault (L1TF)
* CVE-2018-3639: cpu: speculative store bypass
* CVE-2018-5390: Linux Kernel TCP implementation vulnerable to Denial of
  Service
* CVE-2018-6412: Incorrect integer signedness in
  sbuslib.c:sbusfb_ioctl_helper() allows for information leakage
* CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in
  drivers/scsi/libsas/sas_expander.c
* CVE-2018-8087: Memory leak in
  drivers/net/wireless/mac80211_hwsim.c:hwsim_new_radio_nl() can lead to
  potential denial of service
* CVE-2018-8781: Integer overflow in
  drivers/gpu/drm/udl/udl_fb.c:udl_fb_mmap() can allow attackers to execute
  code in kernel space
* CVE-2018-8822: Memory corruption in ncp_read_kernel function in
  fs/ncpfs/ncplib_kernel.c
* CVE-2018-8897: error in exception handling leads to DoS
* CVE-2018-9363: Bluetooth: hidp: buffer overflow in hidp_process_report
* CVE-2018-10021: ata qc leak in drivers/scsi/libsas/sas_scsi_host.c allows
  local users to cause denial-of-service
* CVE-2018-10087: Undefined behavior in kernel/exit.c:kernel_wait4() function
  allows local denial of service
* CVE-2018-10876: use-after-free in jbd2_journal_commit_transaction function
* CVE-2018-10877: out-of-bound access in ext4_ext_drop_refs function with a
  crafted ext4 image
* CVE-2018-10878: out-of-bound write in ext4_init_block_bitmap()
* CVE-2018-10881: out-of-bound access in ext4_get_group_info() when mounting
  and operating a crafted ext4 image
* CVE-2018-10882: stack-out-of-bounds write in fs/jbd2/transaction.c
* CVE-2018-10883: stack-out-of-bounds write in jbd2_journal_dirty_metadata
  function
* CVE-2018-10940: incorrect memory bounds check in drivers/cdrom/cdrom.c
* CVE-2018-12233: Memory corruption in JFS setattr
* CVE-2018-13405: Fix up non-directory creation in SGID directories
* CVE-2018-13406: video: uvesafb: Fix integer overflow in allocation
* CVE-2018-14734: infiniband: fix a possible use-after-free bug
* CVE-2018-15572: x86/speculation: Protect against userspace-userspace
  spectreRSB
* CVE-2018-15594: x86/paravirt: Fix spectre-v2 mitigations for paravirt
  guests
* CVE-2018-1000199: ptrace() incorrect error handling leads to corruption and
  DoS
Additional notes: This is the first of three parts.
CVE ID: CVE-2017-17975
CVE-2017-18218
CVE-2017-18222
CVE-2017-18255
CVE-2017-18257
CVE-2018-1066
CVE-2018-1087
CVE-2018-1092
CVE-2018-1093
CVE-2018-1108
CVE-2018-1120
CVE-2018-1130
CVE-2018-3639
CVE-2018-6412
CVE-2018-7757
CVE-2018-8087
CVE-2018-8781
CVE-2018-8822
CVE-2018-8897
CVE-2018-10087
CVE-2018-10021
CVE-2018-10940
CVE-2018-1000199
CVE-2018-1118
CVE-2018-10876
CVE-2018-10877
CVE-2018-10881
CVE-2018-10882
CVE-2018-10883
CVE-2017-18216
CVE-2017-18224
CVE-2018-5390
CVE-2018-10878
CVE-2018-13405
CVE-2018-13406
CVE-2018-14734
CVE-2018-12233
CVE-2018-3620
CVE-2018-3646
CVE-2018-9363
CVE-2018-15572
CVE-2018-15594
UCS Bug number: #47063